Training Objective

The purpose of this training is to demonstrate ways to improve efficiency when testing an application for security vulnerabilities. Described methods could be used easily by security engineers, quality analysts, developers or anyone interested in finding security flaws in a target web application.

If you wish to explore the power of automation using open source tools, this training is for you. The capabilities can be further extended by integrating your favorite paid tools, if desired.

By the end of this training, you will have a working code that can be used for running some initial checks on your target Web application. You will also learn skills that would allow you to easily extend the code and customize it as per your needs.

Training level: Intermediate

Training preview

• https://youtu.be/kA9X-s1tNWU
• https://github.com/riddhi-shree/secqation-documentation

Training outline

• The problem statement, and an overview of suggested solution
• General understanding of security testing approach
• Introduction to robot framework
• Robot framework in action
• Basic elements of robot framework

• Understanding the need for an intercepting proxy tool
  Mitmproxy vs. Burp Suite
• Configure robot framework to intercept API requests and responses
• Case Study: Attacking DVWA with help of robot framework

• Quick review of Docker and Docker Compose
• Building a Jenkins CI/CD pipeline
• Securely serving the test report on cloud
• Leveraging HTTPolice
• Enabling parallel processing using pabot

• Quick review of basics of Python programming
• Creating custom keywords library
• Case Study: A demonstration of various attack/analysis scenarios using our automation framework